On Sun, Dec 28, 2025 at 02:38:38PM -0800, Mitchel Humpherys wrote: > Introduce a new QEMU hook operation "stop" that is called before a > domain is terminated (via virsh shutdown or virsh destroy). This allows > external scripts to perform cleanup or veto the stop process by > returning a non-zero exit code. The hook is called as:
IMHO this idea is conceptually flawed. We cannot guarantee to veto a stop process because the guest OS itself can shutdown and/or crash at any time, and libvirt can't prevent it doing that. So this hook is only able to veto a shutdown initiated by a host admin. At that point this looks rather like an access control mechanism, and we already have that available with our API access control system. So IMHO only the existing "stopped" hook makes conceptual sense. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
